BSP Implements Cybersecurity Self-Assessments for Financial Institutions
Severity: Medium (Score: 42.3)
Sources: Tribune.Ph
Summary
The Bangko Sentral ng Pilipinas (BSP) has mandated banks and financial institutions to perform regular cybersecurity self-assessments under Circular No. 1232, issued on April 27, 2026. This initiative aims to enhance digital defenses and mitigate rising fraud risks due to increased cyber threats from rapid digitalization. Institutions must evaluate their cybersecurity frameworks, including risk management and incident response capabilities, in alignment with regulatory standards. The BSP is also phasing out one-time passwords (OTPs) as a primary authentication method, citing their vulnerability to phishing attacks, and is promoting more secure alternatives like biometrics. Additionally, the BSP has strengthened inter-agency cooperation by signing agreements with the Cybercrime Investigation and Coordinating Center (CICC), National Bureau of Investigation (NBI), and Securities and Exchange Commission (SEC) to facilitate data sharing for fraud investigations. These measures are part of a broader strategy to reduce financial cybercrime and unauthorized transactions. BSP General Counsel Roberto L. Figueroa emphasized the need for collaboration among regulators to effectively address evolving financial crimes.
Key Points:
- BSP mandates regular cybersecurity self-assessments for financial institutions.
- Phasing out OTPs in favor of more secure authentication methods.
- Strengthened inter-agency cooperation to combat financial cybercrime.
Key Entities
- Phishing (attack_type)
- Financial (industry)
- T1566 - Phishing (mitre_attack)